Gerd Hoffmann [Mon, 29 Jun 2015 07:42:11 +0000 (09:42 +0200)]
login: add rule for qemu's pci-bridge-seat
Qemu provides a separate pci-bridge exclusively for multi-seat setups.
The normal pci-pci bridge ("-device pci-bridge") has 1b36:0001. The new
pci-bridge-seat was specifically added to simplify guest-side
multiseat configuration. It is identical to the normal pci-pci bridge,
except that it has a different id (1b36:000a) so we can match it and
configure multiseating automatically.
Make sure we always treat this as separate seat if we detect this, just
like other "Pluggable" devices.
Richard Maw [Thu, 2 Jul 2015 13:04:34 +0000 (13:04 +0000)]
util: fall back in rename_noreplace when renameat2 isn't implemented
According to README we only need 3.7, and while it may also make sense
to bump that requirement when appropriate, it's trivial to fall back
when renameat2 is not available.
David Herrmann [Thu, 2 Jul 2015 10:14:27 +0000 (12:14 +0200)]
sd-bus: don't leak kdbus notifications
When we get notifications from the kernel, we always turn them into
synthetic dbus1 messages. This means, we do *not* consume the kdbus
message, and as such have to free the offset.
Right now, the translation-helpers told the caller that they consumed the
message, which is wrong. Fix this by explicitly releasing all kernel
messages that are translated.
David Herrmann [Wed, 1 Jul 2015 17:25:30 +0000 (19:25 +0200)]
udev: destroy manager before cleaning environment
Due to our _cleanup_ usage for the udev manager, it will be destroyed
after the "exit:" label has finished. Therefore, it is the last
destruction done in main(). This has two side-effects:
- mac_selinux is destroyed before the udev manager is, possible causing
use-after-free if the manager-cleanup accesses selinux data
- log_close() is called *before* the manager is destroyed, possibly
re-opening the log if you use --debug (and thus not re-applying the
--debug option)
Avoid this by moving the manager-handling into a new function called
run(). This function will be left before we enter the "exit:" label in
main(), hence, the manager object will be destroyed early.
David Herrmann [Wed, 1 Jul 2015 16:31:18 +0000 (18:31 +0200)]
bus-proxy: never apply policy when sending signals
Unlike dbus-daemon, the bus-proxy does not know the receiver of a
broadcast (as the kernel has exclusive access on the bus connections).
Hence, and "destination=" matches in dbus1 policies cannot be applied.
But kdbus does not place any restrictions on *SENDING* broadcasts, anyway.
The kernel never returns EPERM to KDBUS_CMD_SEND if KDBUS_MSG_SIGNAL is
set. Instead, receiver policies are checked. Hence, stop checking sender
policies for signals in bus-proxy and leave it up to the kernel.
This fixes some network-manager bus-proxy issues where NM uses weird
dst-based matches against interface-based matches. As we cannot perform
dst-based matches, our bus-proxy cannot properly implement this policy.
David Herrmann [Wed, 1 Jul 2015 13:05:01 +0000 (15:05 +0200)]
login: re-use VT-sessions if they already exist
Right now, if you start a session via 'su' or 'sudo' from within a
session, we make sure to re-use the existing session instead of creating a
new one. We detect this by reading the session of the requesting PID.
However, with gnome-terminal running as a busname-unit, and as such
running outside the session of the user, this will no longer work.
Therefore, this patch makes sure to return the existing session of a VT if
you start a new one.
This has the side-effect, that you will re-use a session which your PID is
not part of. This works fine, but will break assumptions if the parent
session dies (and as such close your session even though you think you're
part of it). However, this should be perfectly fine. If you run multiple
logins on the same session, you should really know what you're doing. The
current way of silently accepting it but choosing the last registered
session is just weird.
David Herrmann [Wed, 1 Jul 2015 11:02:58 +0000 (13:02 +0200)]
sysv-generator: fix coding-style
Fix weird coding-style:
- proper white-space
- no if (func() >= 0) bail-outs
- fix braces
- avoid 'r' for anything but errno
- init _cleanup_ variables unconditionally, even if not needed
kmod was fixed upstream to no longer return ENOSYS. Also see:
https://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/?id=114ec87c85c35a2bd3682f9f891e494127be6fb5
The kmod fix is marked for backport, so no reason to bump the kmod
version we depend on.
Richard Maw [Tue, 30 Jun 2015 13:21:14 +0000 (13:21 +0000)]
nspawn: Don't remount with fewer options
When we do a MS_BIND mount, it inherits the flags of its parent mount.
When we do a remount, it sets the flags to exactly what is specified.
If we are in a user namespace then these mount points have their flags
locked, so you can't reduce the protection.
As a consequence, the default setup of mount_all doesn't work with user
namespaces. However if we ensure we add the mount flags of the parent
mount when remounting, then we aren't removing mount options, so we
aren't trying to unlock an option that we aren't allowed to.
build-sys: use wildcard glob in update-man-list again
The idea is that after adding a new man page, make update-man-list
will be used to regenerate part of the makefile. So the data already
present in the makefile cannot be used to do that.
Also, renames filter out generated xml files in make-man-rules.py
itself in order to make Makefile.am a bit simpler, and rename files
to dist_files to better reflect new meaning.
Tom Gundersen [Sun, 28 Jun 2015 21:42:52 +0000 (23:42 +0200)]
udev: event - simplify udev_event_spawn() logic
Push the extraction of the envp + argv as close as possible to their use, to avoid code
duplication. As a sideeffect fix logging when delaing execution.
Andrew Eikum [Fri, 26 Jun 2015 16:02:00 +0000 (11:02 -0500)]
man: Remove instances of pseudo-English "resp."
Me again :) Just noticed one of these in a manpage and did another pass
to clean them up. See 16dad32e437fdf2ffca03cc60a083d84bd31886f for
explanation, though the link needs updating:
<http://transblawg.eu/2004/02/26/resp-and-other-non-existent-english-wordsnicht-existente-englische-worter/>
Tom Gundersen [Mon, 29 Jun 2015 12:24:40 +0000 (14:24 +0200)]
networkd: netdev - avoid hanging transactions in failure cases
If a link is attempted t obe enslaved by a netdev that has already failed, we
must fail immediately and not save the callback for later, as it will then
never get triggered.
Tom Gundersen [Mon, 29 Jun 2015 12:23:17 +0000 (14:23 +0200)]
networkd: fix segfault when cancelling callbacks
This only happens when something has gone wrong, so is not easy to hit. However,
if a bridge (say) is configured on a system without bridge support we will hit
this.
bootchart: reset list_sample_data head before generating SVG
Until commit 1f2ecb0 ("bootchart: kill a bunch of global variables")
variable "head" was declared global and this action was performed by svg_header.
Now that "head" is local and passed to each function called by svg_do(...)
move the code at the beginning of svg_do(...) to restore the correct behaviour.
Tom Gundersen [Thu, 25 Jun 2015 22:02:55 +0000 (00:02 +0200)]
netlink: rework containers
Instead of representing containers as several arrays, make a new
netlink_container struct and keep one array of these structs. We
also introduce netlink_attribute structs that in the future will
hold meta-information about each atribute.
Peter Hutterer [Fri, 26 Jun 2015 06:09:48 +0000 (16:09 +1000)]
Revert "hwdb: add a touchpad hwdb"
The main purpose of this hwdb was to tag touchpads that have the physical
trackstick buttons wired to the touchpad (Lenovo Carbon X1 3rd, Lenovo *50
series). This hwdb is not required on kernels 4.0 and above, the kernel now
re-routes button presses through the trackstick's device node. Userspace does
not need to do anything.
Daniel Mack [Mon, 8 Jun 2015 20:58:50 +0000 (22:58 +0200)]
logind: fix delayed execution regression
Commit c0f32805 ("logind: use sd_event timer source for inhibitor
logic") reworked the main loop logic of logind so that it uses a
real timeout callback handler to execute delayed functions.
What the old code did, however, was to call those functions on
every iteration in the main loop, not only when the timeout
expired.
Restore that behavior by bringing back manager_dispatch_delayed(),
and call it from manager_run(). The internal event source callback
manager_inhibit_timeout_handler() was turned into a wrapper of
manager_dispatch_delayed() now.
Michal Sekletar [Thu, 25 Jun 2015 14:06:40 +0000 (16:06 +0200)]
install: explicitly return 0 on success
Maybe there is some left-over value stored in r from previous function
call. Let's make sure we always return consistent error code when we reach end of
the function body.
Fixes following crash of test-install,
Assertion 'r == 0' failed at src/test/test-install.c:52, function main(). Aborting.
[1] 11703 abort (core dumped) ./test-install
The kernel bonding layer allows passing an array of ARP IP targets as
bond-configuration. Due to the weird implementation of arrays in netlink
(which we haven't figure out a generic way to support, yet), we usually
hard-code the supported array-sizes. However, this should not be exported
from sd-netlink.
Instead, make sure the caller just uses it's current hack of enumerating
the types, and the sd-netlink core will have it's own list of supported
array-sizes (to be removed in future extensions, btw!). If either does not
match, we will just return a normal error.
Note that we provide 2 constants for ARP_IP_TARGETS_MAX now. However, both
have very different reasons:
- the constant in netdev-bond.c is used to warn the user that the given
number of targets might not be supported by the kernel (even though the
kernel might increase that number at _any_ time)
- the constant in sd-netlink is solely used due to us missing a proper
array implementation. Once that's supported in the type-system, it can
be removed without notice
Last but not least, this patch turns the log_error() into a log_warning().
Given that the previous condition was off-by-one, anyway, it never hit at
the right time. Thus, it was probably of no real use.
David Herrmann [Tue, 23 Jun 2015 10:10:38 +0000 (12:10 +0200)]
sd-netlink: don't treat NULL as root type-system
Explicitly export the root type-system to the type-system callers. This
avoids treating NULL as root, which for one really looks backwards (NULL
is usually a leaf, not root), and secondly prevents us from properly
debugging calling into non-nested types.
Also rename the root to "type_system_root". Once we support more than
rtnl, well will have to revisit that, anyway.
David Herrmann [Tue, 23 Jun 2015 10:03:10 +0000 (12:03 +0200)]
sd-netlink: don't treat type_system->count==0 as invalid
Empty type-systems are just fine. Avoid the nasty hack in
union-type-systems that treat empty type-systems as invalid. Instead check
for the actual types-array and make sure it's non-NULL (which is even true
for empty type-systems, due to "empty_types" array).
David Herrmann [Tue, 23 Jun 2015 08:47:44 +0000 (10:47 +0200)]
sd-netlink: make sure the root-level type is nested
In sd-netlink-message, we always guarantee that the currently selected
type-system is non-NULL. Otherwise, we would be unable to parse any types
in the current container level. Hence, this assertion must be true:
message->container_type_system[m->n_containers] != NULL
During message_new() we currently do not verify that this assertion is
true. Instead, we blindly access nl_type->type_system and use it (which
might be NULL for basic types and unions). Fix this, by explicitly
checking that the root-level type is nested.
Note that this is *not* a strict requirement of netlink, but it's a strict
requirement for all message types we currently support. Furthermore, all
the callers of message_new() already verify that only supported types are
passed, therefore, this is a pure cosmetic check. However, it might be
needed on the future, so make sure we don't trap into this once we change
the type-system.
David Herrmann [Tue, 23 Jun 2015 09:46:48 +0000 (11:46 +0200)]
sd-netlink: turn 'max' into 'count' to support empty type-systems
Right now we store the maximum type-ID of a type-system. This prevents us
from creating empty type-systems. Store the "count" instead, which should
be treated as max+1.
Note that type_system_union_protocol_get_type_system() currently has a
nasty hack to treat empty type-systems as invalid. This might need some
modification later on as well.
David Herrmann [Tue, 23 Jun 2015 09:18:53 +0000 (11:18 +0200)]
sd-netlink: avoid casting size_t into int
size_t is usually 64bit and int 32bit on a 64bit machine. This probably
does not matter for netlink message sizes, but nevertheless, avoid
hard-coding it anywhere.
David Herrmann [Tue, 23 Jun 2015 09:07:59 +0000 (11:07 +0200)]
sd-netlink: make NLTypeSystem internal
Same as NLType, move NLTypeSystem into netlink-types.c and hide it from
the outside. Provide an accessor function for the 'max' field that is used
to allocate suitable array sizes.
Note that this will probably be removed later on, anyway. Once we support
bigger type-systems, it just seems impractical to allocate such big arrays
for each container entry. An RBTree would probably do just fine.
David Herrmann [Tue, 23 Jun 2015 09:03:10 +0000 (11:03 +0200)]
sd-netlink: make NLType internal
If we extend NLType to support arrays and further extended types, we
really want to avoid hard-coding the type-layout outside of
netlink-types.c. We already avoid accessing nl_type->type_system outside
of netlink-types.c, extend this to also avoid accessing any other fields.
Provide accessor functions for nl_type->type and nl_type->size and then
move NLType away from the type-system header.
With this in place, follow-up patches can safely turn "type_system" and
"type_system_union" into a real "union { }", and then add another type for
arrays.
Make sure we never access type->type_system or type->type_system_union
directly. This is an implementation detail of the type-system and we
should always use the accessors. Right now, they only exist for 2-level
accesses (type-system to type-system). This patch introduces the 1-level
accessors (type to type-system) and makes use of it.
This patch makes sure the proper assertions are in place, so we never
accidentally access sub-type-systems for non-nested/union types.
Note that this places hard-asserts on the accessors. This should be fine,
as we expect callers to only access sub type-systems if they *know*
they're dealing with nested types.
David Herrmann [Tue, 23 Jun 2015 07:56:59 +0000 (09:56 +0200)]
sd-netlink: rename NLA_ to NETLINK_TYPE_
The NLA_ names are used to name real datatypes we extract out of netlink
messages. The kernel has an internal enum with the same names
(NLA_foobar), which is *NOT* binary compatible to our types. Furthermore,
we support a different set of types than the kernel (as we try to treat
some kernel peculiarities as our own types to simplify the API).
Rename NLA_ to NETLINK_TYPE_ to make clear that this is our own set of
types.
Kay Sievers [Wed, 24 Jun 2015 11:10:07 +0000 (13:10 +0200)]
rules: remove all power management from udev
It is not udev's task to apply any of these setting that way, or
from udev rules files. Things need to be sortet out in the kernel,
or explicit whitelist can possibly be added to the hardware database.
Until that is sorted out, and general agreement, udev is not
willing to maintain any such lists or power management settings
in general.
"Thanks for digging this out! I thought my Kinesis keyboard got broken
and ordered a new one, only to find out that the new one doesn't work
as well. I'm not sure whether we should start collecting a blacklist
of keyboards which don't work with USB autosuspend, or rather a
whitelist? Or revert this wholesale?"
Jan Engelhardt [Tue, 23 Jun 2015 23:48:18 +0000 (01:48 +0200)]
ata_id: unbotch format specifier
Commit v218-247-g11c6f69 broke the output of the utility. "%1$" PRIu64
"x" expands to "%1$lux", essentially "%lux", which shows the problem.
u and x cannot be combined, u wins as the type character, and x gets
emitted verbatim to stdout.
build-sys: make sure check-api-docs sees each symbol just once
Given that some symbols are exposed by multiple libraries (due to the
compatibility libraries), let's ensure "make check-api-docs" only shows
each symbol once by filtering out duplicates.